Inclusion of Sensitive Information in Log Files in NetIQ Identity Manager - CVE-2017-7434

 

Inclusion of Sensitive Information in Log Files in NetIQ Identity Manager - CVE-2017-7434

Published: January 12, 2023


Vulnerability identifier: #VU71128
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-7434
CWE-ID: CWE-532
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: OpenText
Affected software:
NetIQ Identity Manager

Detailed vulnerability description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to the JDBC driver of NetIQ Identity Manager send out an incorrect XML configuration, which can result in passwords being logged into exception logfiles.


How to mitigate CVE-2017-7434

Install updates from vendor's website.

Sources